On May 4, 12:58 am, Ramon de Carvalho Valle <rcva...@linux.vnet.ibm.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I'm having problems with my PKCS #11 implementation and mod_nss. The > requests using SSLv3 protocol fails with bad_record_mac (20). I think > the problem is in client_key_exchange (16), and I would like to know if > both TLSv1 and SSLv3 protocols use the PKCS #1 Encryption-block > formatting according to RFC 2313: > > EB = 00 || BT || PS || 00 || D . > > SSLTAP shows the ClientKeyExchange message length in client_key_exchange > (16) is 130 (0x82) for TLSv1 and 128 (0x80) for SSLv3. > > Best regards, > > - -- > Ramon de Carvalho Valle > Software Engineer > IBM Linux Technology Center > E-Mail: rcva...@linux.vnet.ibm.com > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvfKtsACgkQGIS0iEuhp4OaHwCeNMz9V1iEEHcZ7gVIjvtvWKIi > 4voAn30DOVRrXFrT38wDhfkQGza2uaM4iEYEARECAAYFAkvfKtsACgkQkcIYeh81 > wLmaHwCcCDCrvD4Uasb+d6ozZ5li6v/GwskAn3LP0OKUgP+ZXJJaCphAgaEQ0vns > =C6Om > -----END PGP SIGNATURE-----
Hi Ramon RFC 2313 talks about PKCS #7 for Signature algorithms.For more detail you can explore url "http://www.faqs.org/rfcs/rfc2313.html";. You can go through RFC 4346 "http://tools.ietf.org/html/rfc4346"; and " ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf " for implementation. It has been found that their is problem with SSLv3 Dynamic session renegotiation and Handshake (Protocol or Type ) Client Key Exchange (16).I don't think that PKCS #1 fully support TLSv1 and SSLv3 (PKCS#1 needs padding). -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
